Is it safe to say that that best placement for pass rules would be
local.rules file? (Meaning later rule updates?
Erek Adams wrote:
>On Wed, 2 Apr 2003, Keg wrote:
>>>>>Sorry guys for the question but how do I write the pass rule?
>>>>>>Just like any other, except instead of 'alert' or 'log' the action is
>'pass'. Have a look at this [0] for an example. You can also find more
>info in the Snort Users manual.
>>>>>Should a create the file and name it as pass.rules or should I simply
>>add the following to the local rules.?
>>>>pass ip 10.13.110.254 53 -> 10.13.110.254 any
>>>>>>That's all up to you. Depends on how you like to organize things. :)
>Since there's a blank local.rules in the default ruleset, I don't like to
>use that filename. It stops me from just copying the rules/* over to
>/etc/snort/rules/. I tend to use 'pass.rules' and 'my.rules' for pass and
>local stuff.
>>You pick whatever way works for you. Just remember that you did it! :)
>>Cheers!
>>-----
>Erek Adams
>> "When things get weird, the weird turn pro." H.S. Thompson
>>>[0] http://www.theadamsfamily.net/~erek/snort/ignore.txt>>>-------------------------------------------------------
>This SF.net email is sponsored by: ValueWeb:
>Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
>No other company gives more support or power for your dedicated server
>http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users>>
--
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop at ...2793...!
http://shopnow.netscape.com/